Posted by Unknown Lamer on Monday November 05, 2012 @08:08PM from the find-out-who-hates-the-planet dept.

alphadogg writes "The University of South Carolina has discovered that some types of electricity meter are broadcasting unencrypted information that, with the right software, would enable eavesdroppers to determine whether you're at home. The meters, called AMR (automatic meter reading) in the utility industry, are a first-generation smart meter technology and they are installed in one third of American homes and businesses. They are intended to make it easy for utilities to collect meter readings. Instead of requiring access to your home, workers need simply drive or walk by a house with a handheld terminal and the current meter reading can be received."
Perhaps more distressing, given trends in 4th amendment interpretation, I bet the transmissions are open game for law enforcement.

The tools were simple: a $1,000 Universal Software Radio Peripheral software-defined radio, an amplifier, and the freeware GNU Radio software, plus of course, the team's knowledge of wireless protocols and data processing.

Yeah really, it's not like home burglars are gonna buy this equipment, enroll in CS/EE courses at the local university, and learn wireless protocols so they can figure out if the owner is home before they rob it.

The submitter's distress over 4th amendment rights is equally stupid. If the spooks and cops wanna know your power usage, they can just pick up the phone and call the power company.

It may be of limited usefulness, but I wouldn't want to bet on it. You never know what someone is going to come up with, and it wouldn't be hard or even conspicuous to drive through and collect data on whole neighborhoods. I would bet you can see who is running a lot of electronic equipment and who is growing pot in their basement....

Just mining that data for leads could be very lucrative for LEAs and TLAs in drumming up convictions to justify ever-more taxpayer money and powers to violate ever-more civil rights.

Yes but.... as the grandparent pointed out, and I agree.... they will have the data anyway, all they have to do is ask (or pay) the electric utility for the info, and it is theirs. No amount of protection at the box is going to stop that

I develop similar products for the water industry, and we actually looked at interoperability with meter reading equipment, so I know of what I speak.

You don't really need a $1000 SDR. In fact a cheap $20 one off eBay will work, but actually all of this kit uses a small number of widely available radio chipsets (e.g. Texas 11xx range), usually on 868MHz or sometimes on one of the reserved meter reading bands. Often the protocol is wireless MBUS, sometimes it is a simple proprietary one.

You can buy modules with amplifiers built in for $20, and then you just need a good antenna and some programming knowledge. It wouldn't be hard to develop a little device that reads the data, just like the ones the power company uses, and sell it for say $200. No skill required to use it. The only plus side is that they don't usually transmit the property address with the power consumption data, only a customer ID or something like that, so it could be hard to tell which reading belongs to which house.

In the article, they describe using a directional antenna to scan an entire neighborhood from one location. In other words, this isn't novel in general as much as it is novel in that it scales to dozens or even hundreds of homes.

What the hell for? They can buy a thermal imager for $1200. You could probably modify a cell phone's camera to make a cheap-ass IR camera for a lot less. You might need no more than a filter to block visible light.

There is already a cheap way to do that for digital SLR cameras using photographic film to block visible light. My hobbyist friend does it to take infrared photography. It is so amazing how the world looks in infrared: http://en.wikipedia.org/wiki/Infrared_photography

Or even a quick look to see if there are any flashes on the walls of TVs that are on. You might even see that without cars in the driveway... or knocking, actually. Some people might just not answer the door after a certain time, or after it gets dark.

Once it gets to a certain time that I expect absolutely no one to come knocking on the door, usually a cutoff time of somewhere between 10 and midnight depending on expectations, I do just that. If someone wants to come up later than that, they better have

So let me get this straight... if somebody wants to know when you're home, they're going to run out and buy a radio and learn to use it, then sniff your meter's transmissions, then analyse them for periodic components, then correlate that with known patterns... rather than just waiting to watch you leave?

If someone wants to know which houses in the neighborhood are currently empty, yes, this is the best way to do it. You can also identify which houses have no neighbors at home. It could also be very useful if you are trying to improve your efficiency and are targeting more than one house at the same time.

As I said, efficiency is the key. This is way more efficient than jogging around the neighborhood. I can map an entire neighborhood with this by driving around in a few minutes and be pretty sure that no one is at home. It would take a lot of skill to do the same by just jogging around. I can also pick better targets using these.

Besides it costs nothing to use public key encryption on these. There is no reason why these should not be encrypted.

During the day it's not all that unlikely to be home without using any extra electricity. Nor is it likely to not be using electricity when you're not there - it could be anything from a water heater, a fridge, a pot farm, a PVR, or a cordless weedwacker recharging.

I'm sure there are clues about whether people are home from electricity usage, but if they're not all that reliable, then they're not that useful for analyzing a large number of homes in a short period of time to find a particularly vulnerable one.

None of these can be automated. I can cover entire cities using this setup, driving at the regular speed limit. I can pick targets better. I can find clusters of people not at home, and rob them at the same time. I can use Operations Research to calculate the best loot possible.

Also, this is more efficient; it allows robbers to target more houses than was possible before.

That's exactly how a PhD would approach robbing a house - by collecting scientific data, analyzing it, and then offering a hypothesis (you are at home or not.)

However real life thieves do it in a better way. They throw a brick through the rear door and disappear. If nothing happens within 15-20 minutes then they know that all of the following is true: nobody is at home; there is no alarm; there are no dogs; the neighbors heard nothing. Then the house is safe to approach.

You see, there is no need to know if neighbors are at home or not. This is useless information. What is not useless, however, is whether they hear the commotion or not. Similarly, it is pointless to know if you are at home or not. An alarm may be at home in your place, guarding better than you would. The method that thieves use checks for the end condition directly - and it requires minimum IQ.

Er, my point is that the old school robbing methods are still useful. Only that you have a better list of houses. The wardriving will really narrow down the list of houses. Now you can throw bricks into each of the houses, and do whatever you would have done before. This just makes the old process more efficient.

Only that you have a better list of houses. The wardriving will really narrow down the list of houses.

I don't think thieves would pay much attention to that. It requires a lot of samples to determine what levels of activity coincide with occupancy. At night, for example, power consumption is the same regardless of whether you are asleep at home or awake at work. As others mentioned, you also need to know the meter ID, and for that you need to collect all this information directly from meters, making your

Efficiency doesn't matter much in a robbery - reliability does. Sure, you can get an expectation that a dozen houses are empty from sniffing, but an expectation doesn't keep you out of jail. Last time I was out sick from work, I spent the day in my living room reading a book, with no TV or additional lights on. You'll still need to do some plain old watching to pick targets. All you'd gain with the meters' transmissions is knowing that most folks will use less electricity during the day.

I can't recall ever hearing about a string of thefts in more than two houses at a time. If you're getting away with one robbery free and clear, why risk getting caught at the second one with all the loot from the first? That's just asking for more jail time.

Besides it costs nothing to use public key encryption on these. There is no reason why these should not be encrypted.

I'm going to guess you don't do any IT management. There's always a cost. In this case, the decryption keys for each device must be managed [slashdot.org] properly to maintain any actual security.

Efficiency doesn't matter much in a robbery - reliability does. Sure, you can get an expectation that a dozen houses are empty from sniffing, but an expectation doesn't keep you out of jail. Last time I was out sick from work, I spent the day in my living room reading a book, with no TV or additional lights on. You'll still need to do some plain old watching to pick targets.

You still need to do plain old watching, but this narrows down the number of houses very, very significantly. Now you get to concentrate on a small set of houses, and your efficiency improves.

All you'd gain with the meters' transmissions is knowing that most folks will use less electricity during the day.

I can't recall ever hearing about a string of thefts in more than two houses at a time. If you're getting away with one robbery free and clear, why risk getting caught at the second one with all the loot from the first? That's just asking for more jail time.

Maybe it is because it was tough to monitor a larger number of houses, and that will be less difficult using these smart meters?

Or a thief could just go jogging around the block for a while in the morning.

That doesn't tell you who is on vacation. Nor does it tell you anything if the people have their garage doors closed. Drop a sniffer somewhere unobtrusive for a week and you'll know about every house on the block without risk of people noticing a stranger casing the neighborhood either.

The ones that don't move a stick from their front porch or a flyer stuck in their door? They're probably not home.

Don't expect people to notice a stranger. A salesman sticking flyers in people's door handles is annoying, but not very suspicious. A jogger who looks similar to the salesman from the day before will be unnoticed. If, by some fluke, a police officer asks, they can show off the flyer promoting their services selling old junk (which they suspect these old houses are full of) on Craigslist for a 10

Then it's a good time to change tactics. Instead of flyers, carry a Bible and become a proselytizer. Actually run the Craigslist business for a while, putting flyers in several neighborhoods with antiques that you won't rob. As mentioned below, sell candy bars for a charity fundraiser. Volunteer to canvass to encourage voting. Invite people to a public event. Wander around "lost" at dusk, asking other pedestrians for directions to some landmark in the direction you're already headed.

Fundamentally my problem with your position is that it is the ostrich version of security. Just because you can't think of a way to exploit the system does not mean we shouldn't build it robustly. It is kind of like three legged chairs - they ought to be just fine in theory, but in practice they are a lot less stable than four legged chairs.

I expect you to say that we should not incur costs that are unnecessary, but my position is that baseline security is always necessary, particularly in a system that

One nice evening, a young Egyptian lady knocked on our door and begged for money for food for her little runt in training behind her. A few minutes later, we went out, got in the car and drove off. A few minutes after that, her boyfriend climbed through a window and encountered my personal trainer son on the inside. The boyfriend exited rather more swiftly through said window than they could possibly have anticipated. So, the mark one eyeball target scouting method is not all that reliable, but a power me

Or they can walk around pretending to be cops, and offering tips on how to keep your house safe while you're on vacation, and oh yeah, would you like to tell us when you're out so we can keep an eye on your house?

This works very well around Christmas, or so I'm told.

Just be careful, you might get the one house with the Kid who has apparently gotten a master's in engineering.

In our neighborhood in La Jolla, a couple of neighbors got burgled while they were away for a month or so, even though they had stopped mail delivery, stopped newspaper delivery, had people coming by to check on the house, had put the exterior and interior lights and even the television on electrical timers so it would appear that someone was still at home... What they'd forgotten about was water usage. When the crooks were caught two months later (they tried to pawn a particularly unique piece of silver jewelry and the cops traced and jailed them), it turned out that they had a notebook of water meter readings.


One of them had put on an orange vest like a construction worker or traffic worker guy and walked the choice neighborhoods and recorded the meter readings. They came back two weeks later, and la voila, anyone whose water had not budged too much was obviously not at home flushing or showering or cooking. (I guess water sprinklers could screw it up in some places, but here we've got two meters: the sprinkler meter only gets you billed for water usage, the house water meter gets you billed for water usage and for sewer usage.)


The meter reading trick does not require wireless access. Most meters are located in a position where the meter-reader does not have to enter a backyard or gated restricted portion of the property. And seriously, has anyone ever stopped or challenged a meter-reader and said "Hey, let me see your badge, and then call someone and verify it!"? I don't think so. So after all this rambling, yes I agree with you, they are reaching pretty hard and being paranoid.

Smart crooks. Most just snatch and grab. Wait till they see someone drive away (especially if an elderly person) then break the back window, grab whatever they can, and run off. Those dumb ones are probably the vast majority of all burglaries.

Water meters in my area only have the actual numerical reading on the inside of the house. The person reading the meters comes around with a specialized reader and hooks it up to a port at the front of your house. I guess it makes it a little harder for people to read the meters with specialized equipment. They recently switched to an IR system for reading the meters so that they can read them just driving down the street. I wonder if they are encrypted. I would guess not. Crooks will always find a way th

You know, my bullshit meter is sitting at about half scale reading what you just wrote. Do you have a citation for this? I googled it and couldn't find anything. In fact, the only thing I found was your post.

You don't need a citation. Walk up to most houses. You should be able to find the power meter on the side of the house. You should be able to read the numbers on the meter, no problem; even if it's also wireless, they tend to have LCD displays. If it's got the little black-and-silver striped wheels on it, it's not too hard to figure out how to read the numbers: alternate clockwise and counter-clockwise and go down to the next lowest number; concatenate the numbers and you have a reading. Water meters

That'll be seen as suspicious and get them reported. Better is to carry a clipboard and offer to sell them insurance or try to save them. Though, around here, carrying a box of chocolates and trying to sell chocolates for his son's school fundraiser would probably be best. Nobody would remember you, but the "Hi, uh, is Bob here?" guy will get remembered, and may warrant a "suspicious person" call to the police.

Also note these are "first generation" devices. These are not what I would call smart, they're just smarter than the really dumb meters that used to exist. Current smart meter technology is a generation or two beyond this, and they do have security (at least as a feature if the utility decides to use it).

For these meters you still need to be able to correlate which device you're hearing with which house it's from. The range is not so short as to make this easy. The address of the house is not included in

While it does seem a little paranoid to think burglars and the like are going to sit in your bushes monitoring your power usage, it wouldn't be hard to simply encrypt the transmissions. In today's society this seems like a no-brainer.

it wouldn't be hard to simply encrypt the transmissions. In today's society this seems like a no-brainer.

Yeah; I'd say that "no-brainer" is a pretty good description of most current management attitudes towards data privacy.

And, to try to avert the usual political stuff, we might observe that it's a good description for both corporate and government management of privacy issues. We don't need privacy (unless we have something to hide;-), but they try hard to keep their behind-the-scenes activities secret from their customers or citizens or whatever they call us.

What's even worse though is the damn idiots that think it's cute to have those smart meters shut down. That's right, most of them include the ability to turn the fucking power off. Now how much fun would it be for some god damn script kiddie to turn off the lights to an entire neighborhood during Thanksgiving dinner or turkey day football/sports whatever

Encrypting the transmission is certainly pretty simple, but decrypting it is hard. More specifically, managing the decryption is hard. Who gets the decryption keys? Do they go to every meter-reading vehicle, which is the easiest to deploy (and easiest to have stolen by a disgruntled meter reader)? Do they stay in a central location that each vehicle reports back to, delaying rechecks of errors? Are the vehicles expected to remain in constant communication with the central location, which may be impossible i

Now that is absolutely not the case. PKI scales, and these days with a SIM card in most phones it is almost free as long as you set it up right. That part is hard, but it's a basically constant cost which gets less expensive over time.

So the keys stay in a central location, meaning that any recheck for verification (like when a meter says someone used a million kilowatt-hours in a month) requires another vehicle being sent out, and the reading technician/driver has no indication that there might be something wrong. Everybody loves needlessly increased expenses, right?

Service techs must have some means to communicate with their headquarters. Just use the existing infrastructure. It might be a walkie talkie or CB radio or a cell phone or some sort of data device connected to a purpose-built device or a laptop.

Are the vehicles expected to remain in constant communication with the central location, which may be impossible in some areas?

In the river valley in my city, where cellular coverage is spotty and the twists cut walkie-talkie range to less than shouting distance, what then? Heck, I know of residential places in my city where police radios don't even cover.
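The key-management argument above (who holds the decryption keys, what a stolen reader exposes, how a technician verifies a reading in the field) is easier to weigh against a concrete design, and the same design answers the reading-spoofing worry raised elsewhere in the thread. The Go program below is an added example, not code from any poster or from any AMR vendor; it assumes one utility master key held by the back end and each reader, derives a per-meter AES-256-GCM key from that key and the meter serial (which is broadcast in the clear anyway), and uses the meter's frame counter as both GCM nonce and replay check. The master key and meter IDs are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed sample value; in practice this is the secret that lives in the back end
// and in each reader, which is exactly the provisioning cost the thread argues about.
var masterKey = []byte("constructed-example-utility-master-key")

// deriveMeterKey turns the master key plus the meter serial into a per-meter AES-256
// key: a reader with the master key opens every meter, a meter pulled off the wall
// yields only its own key.
func deriveMeterKey(master []byte, meterID string) []byte {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte("amr-meter-key-v1|" + meterID))
	return mac.Sum(nil) // 32 bytes
}

// gcmFor builds the AEAD for one meter. Neither constructor can fail for a 32-byte key.
func gcmFor(master []byte, meterID string) cipher.AEAD {
	block, _ := aes.NewCipher(deriveMeterKey(master, meterID))
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Frame is the over-the-air unit: ID and counter in the clear (the reader needs both
// before it can decrypt), the cumulative kWh reading sealed.
type Frame struct {
	MeterID string
	Counter uint32 // monotonic per meter, persisted across power loss
	Sealed  []byte // AES-GCM ciphertext followed by the 16-byte tag
}

// nonce derives the 96-bit GCM nonce from the counter; a meter must never reuse a
// counter under one key, and 2^32 frames at one a minute outlives the meter.
func nonce(counter uint32) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n[8:], counter)
	return n
}

// SealReading is the meter side. The meter ID is bound as associated data and the
// counter through the nonce, so neither cleartext header field can be edited.
func SealReading(master []byte, meterID string, counter, kwh uint32) Frame {
	plain := make([]byte, 4)
	binary.BigEndian.PutUint32(plain, kwh)
	sealed := gcmFor(master, meterID).Seal(nil, nonce(counter), plain, []byte(meterID))
	return Frame{MeterID: meterID, Counter: counter, Sealed: sealed}
}

// Reader is the handheld or drive-by side; it remembers the highest counter seen per
// meter so a recorded frame carrying an older, lower reading is refused.
type Reader struct {
	master      []byte
	lastCounter map[string]uint32
}

func NewReader(master []byte) *Reader {
	return &Reader{master: master, lastCounter: map[string]uint32{}}
}

// OpenReading authenticates and decrypts one frame, rejecting replays and any frame
// that was altered, relabelled, or sealed under a different master key.
func (r *Reader) OpenReading(f Frame) (uint32, error) {
	if last, seen := r.lastCounter[f.MeterID]; seen && f.Counter <= last {
		return 0, errors.New("stale or replayed counter")
	}
	plain, err := gcmFor(r.master, f.MeterID).Open(nil, nonce(f.Counter), f.Sealed, []byte(f.MeterID))
	if err != nil {
		return 0, errors.New("authentication failed: forged, corrupted or wrong-key frame")
	}
	r.lastCounter[f.MeterID] = f.Counter
	return binary.BigEndian.Uint32(plain), nil
}

func main() {
	reader := NewReader(masterKey)
	genuine := SealReading(masterKey, "METER-0001", 7, 48213) // constructed reading
	fmt.Println(reader.OpenReading(genuine))                  // 48213 <nil>
	fmt.Println(reader.OpenReading(genuine))                  // 0 stale or replayed counter
	forged := SealReading(masterKey, "METER-0001", 8, 48213)
	forged.Sealed[0] ^= 0x01 // flip one ciphertext bit
	fmt.Println(reader.OpenReading(forged)) // 0 authentication failed: ...
}
```

The trade-off the thread describes is visible in the design: a reader that can verify a suspicious reading on the spot must carry the master key, so losing a reader means re-keying, whereas keeping the master key central means no field verification.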

You can also tell if someone is home through unencrypted lightbulb signals through windows.

Maybe at your house.

At my house we always encrypt our light bulb emissions. Always.

Likewise. Instead of putting out white-light white-light white-light, I'll run that through the Photonic Twistor algorithm and maybe it'll come out gamma-ray X-ray radio-wave. Sometimes I'll throw some beta radiation and fast neutrons in there too just to salt it a bit.

I, too, encrypt my lightbulb emissions using the CUR-tain algorithm. There is some shadow analysis that can break it, but repeated application of the algorithm (often referred to as Triple CUR or 3CUR) will often foil that.

If you place some seismometers on the street quite close to the house, people can detect if there are people moving about in the house. Add to it laser beams reflecting off the window panes, they can detect minute changes in the structure as it flexes when you move from your bedroom to the bathroom. Sensitive microphones can be used to detect the sounds of toilet flushes too.

So, next time, in addition to getting tin foil for the hats, you should get non reflective paint for the whole structure, shock isolating floating foundation for the entire home and special noise cancelling speakers attached to the plumbing. Else, gasp! thieves will know when you are in and when you are not in your own home.

This information has never been secret. Most electricity meters are mounted on the outside of the structure in an easily accessible location with dials that are easy to read at a distance with a pair of binoculars. This is by design, allowing the utility companies to do meter readings as efficiently as possible.

There's the implicit statement that all smart meters are deployed the same way. While this experiment shows that one smart meter vendor is producing sniffable traffic, it does not show that all vendors are in the same situation.

As a meter reader who actually reads some of these AMR meters, I'd say using the information for burglaries is a stretch. Even if you get the info it only includes meter number and reading. Since the address is not listed I can only see it being useful in rural areas where houses are far enough apart to be able to tell which house it is without physically checking the meter. For reference, I can pick up AMR meters in rural areas from about 1/2 to 3/4 of a mile away while driving 50 mph.
I see the greater nefarious use would be to send out a slightly stronger signal to send a different reading and hence lower your utility bill. Since this process would be wireless and most likely involve doing nothing to the physical meter itself it would be near impossible to catch it as tampering. Also since in my area AMR meters are almost never physically checked, even a physical modification would likely go unnoticed for years.

The summary is about concern over broadcasting the signal and the police tapping into it. So was my comment, which seemed to offend a moderator. If they actually have to come and read the meter, it kinda blows their cover. More likely they would simply ask the electric company to cough up a copy of the bill, and the electric company has no interest in your 4th amendments rights, which aren't being violated in this instance anyway. Hope that clears things up a bit, in case you weren't just being silly.

I know something about these meters. First of all, they give you the current meter reading in kWh, not how much current is currently in use; you would have to take multiple samples to get that.

Second of all, they are very omnidirectional and have a reasonable range, so someone can read them from the street on most houses. Which means they get several houses with any reader. The unique identifier is easily determinable; in our case it's stamped on the back side of the meter, all you have to do is pull it off the base and check it. The meters are programmed with a route and subroute number, and respond to an unencrypted transmission asking for their info by broadcasting it.

As far as the 4th amendment is concerned, the police would need a warrant to get all the bits and pieces together to connect a particular meter with a particular house in the first place.

Finally, the readers cost us roughly $8k each. While I'm sure it's doable cheaper, I don't see people putting that kind of effort into this. Especially as the same info can be gotten by walking up and looking at the meter. While I certainly have my concerns of security for real 'smart meters', these are not what we should focus on.

The absolute worst thing about the installation of smart meters in these parts is the endless string of "news stories" [nsnews.com] by our local community "newspaper"* about the significant health risks posed by smart meters.

It finally reached the point where, lacking any scientific evidence, they're now resorting to trying to outlaw Smart Meters, WIFI, and cel towers because of "electromagnetic hypersensitivity (EHS)." Patients with EHS suffer a variety of symptoms from heart palpitations to migraines they claim are caused by radio frequency radiation.

"You know that western medicine doctors don't know anything about EHS and my naturopath actually tested me. On the sole of the foot on the inside there is a point where he tests the sensitivity to electromagnetic fields. It was very painful and he found out that I am very sensitive," Nemetzade says.

Using cryptography will be a nightmare here: who gets the keys to decrypt? Too many people. Keys will be compromised and will have to be updated. How? Should the smart meter be remotely controlled by the utility? That is smelling bad.

This article or study is "not so clever." If someone wants to identify whether or not someone is home it'd be much easier to monitor activity at the house than it would be to try and track equipment cycling on or off via a smart meter. Sure we could install all kinds of encryption on a meter, but for what purpose? -- drive up costs of a utility meter! This is one of the dumbest articles I've ever seen.

Other ways to tell if someone is home:
1. Sniff internet packets
2. check facebook
3. knock on the door
4. lo

Beats me. I will mention, IMHO, that if someone is gutsy enough to connect to the high voltage line with the proper communication equipment to accomplish disconnects of service equipment, they would need to know the IDs of the meters to activate, the protocol to initiate a disconnect, and a lot of time to monitor the line to find the above (unless you want to just iterate starting at the lowest number and kick off all meters one-by-one). Who has the equipment and interface knowledge other than an employee

So we have meters that can remotely command thermostat set-back, and others that can remotely disconnect power entirely. If any of these have security problems on the command side, they've essentially opened the door to crooks (or cops) cutting off your power, likely with no evidence trail created. If they shut it off and nobody opens a curtain it's a pretty safe bet that there's nobody home.

Pot farms usually bypass their meter so their high usage doesn't show up. Utilities already report irregular usage to Law Enforcement based on their normal readings. There's no need for LE to go war driving. The utilities furnish that information already.

Pot farms usually bypass their meter so their high usage doesn't show up.

Exactly! - Or use generators for the additional power needed.

Heard of a case where a pot farm was hidden in an apartment, complete with a generator in a soundproofed box and its exhaust fed into the main sewer. The grow rooms were waterproofed as well, making sure the people on the floor below didn't get nasty stains on their ceiling. It was found only by accident. The pot apartment had average water usage, normal power usage and an untampered meter.